Mozilla2: Proposal: An XPCOM Security model
As part proposal/planning materials in preparation for Mozilla 2.0 you can now read about the new CAPSSecurity.
An attempt at defining the goals, parameters, and suggesting an implementation for a unified security system for the XPCOM object model. Goal: provide a security model and API for the XPCOM component model which. Defines and minimizes the "Trusted Computing Base" of code which must be audited for security. Has no impedance mismatches with the CAS/CLR security model. Doesn't require changing existing frozen interfaces, if at all possible.
Read the document